本帖最后由 jxfaiu 于 2013-3-25 20:27 编辑
因饭友们不建议采用程序自定义规则,以方便铁粉们的易用性,特修正如下:
1,禁止IP0.0.0.0通信,禁止此通信;主机:IP:0.0.0.0,端口和协议:所有IP,方向:两者;
2,禁止IP224.0.0.0-224.0.0.255通信,禁止此通信;主机:IP:224.0.0.0-224.0.0.255,端口和协议:所有IP,方向:两者;
3,禁止IP0.0.0.0掩码0.0.0.255通信,禁止此通信;主机:子网IP地址:0.0.0.0,子网掩码:0.0.0.255,端口和协议:所有IP,方向:两者;
4,禁止TCP本地端口通信,禁止此通信;主机:所有主机,端口和协议:TCP,本地端口:0-1030,1033,1042,1045,1057,1080,1090,1095,1097,1098,1099,1158,1170,1234,1243,1245,1345,1349,1433,1434,1492,1521,1524,1600,1807,1831,1981,1999,2000,2001,2002,2003,2004,2005,2023,2100,2115,2140,2565,2583,2701,2702,2703,2704,2773,2774,2801,2869,3024,3129,3150,3389,3700,4092,4267,4567,4590,4899,5000,5001,5168,5321,5333,5357,5358,5400,5401,5402,5550,5554,5555,5556,5557,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,6939,6969,6970,7000,7001,7080,7215,7300,7301,7306,7307,7308,7597,7626,7789,8080,8081,9080,9090,9400,9401,9402,9408,9535,9872,9873,9874,9875,9898,9989,10067,10167,10168,10520,10607,11000,11223,12076,12223,12345,12346,12361,12362,12363,12631,13000,14500,14501,14502,14503,15000,15382,16484,16772,16969,17027,17072,17166,19191,19864,20000,20001,20002,20023,20034,21544,22222,23005,23006,23023,23032,23456,23476,23477,25685,25686,25982,26274,27374,29104,30001,30003,30029,30100,30101,30102,30103,30133,30303,30947,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,32100,32418,33333,33577,33777,33911,34324,34555,35555,40421,40422,40423,40424,40425,40426,41337,41666,43210,44445,47262,49301,50130,50505,50766,51996,53001,54283,54320,54321,55165,57341,58339,60000,60411,61348,61466,61603,63485,65000,65390,65432,65535 方向:两者;
5,禁止UDP本地端口通信,禁止此通信;主机:所有主机,端口和协议:UDP,本地端口:0-1025,1027,1033,1042,1170,1234,1243,1245,1434,1492,1561,1600,1807,1900,1981,1999,2000,2001,2023,2115,2140,2583,2701,2702,2703,2704,2801,2989,3129,3024,3072,3150,3333,3700,3996,4006,4011,4060,4092,4321,4500,4590,5000,5001,5168,5321,5355,5357,5358,5400,5401,5402,5550,5569,5742,6267,6400,6670,6671,6711,6771,6776,6883,7000,7028,7300,7301,7306,7307,7626,7789,8225,9400,9401,9402,9872,9873,9874,9875,9989,10067,10167,11000,11223,12076,12223,12345,12346,12361,16969,19191,20000,20001,20034,21554,22222,22226,23456,26274,27374,30100,30303,30999,31337,31338,31339,31666,31785,31787,31788,31789,31791,31792,33333,33390,34324,34555,40412,40421,40422,40423,40425,40426,43210,44445,47262,50766,54320,54321,60000,61466,65000 方向:两者;
6,禁止UDP远程0,135,137,138,445通信,禁止此通信;主机:所有主机,端口和协议:UDP,远程:0,135,137,138,445,方向:两者;
7,禁止TCP远程0,135,137,138,139,445,3389通信,禁止此通信;主机:所有主机,端口和协议:TCP,远程:0,135,137,138,139,445,3389,方向:两者;
8,禁止ICMP 0,4,5,8-18传入,禁止此通信;主机:所有主机,端口和协议:ICMP,方向:传入,勾选4,5,8-18,回显回复、源抑制、重定向、回显请求、路由器通告、路由器请求、数椐报超时、数椐报上的参数问题、时间戳请求、时间戳回复、信息请求、信息回复、地址掩码请求、地址掩码回复
方向:传入;
9,禁止ICMP 0,3,4,5,9-18传出,禁止此通信;主机:所有主机,端口和协议:ICMP,勾选0,3,4,5,9-18,回显回复、目标不可到达、源抑制、重定向、路由器通告、路由器请求、数椐报超时、数椐报上的参数问题、时间戳请求、时间戳回复、信息请求、信息回复、地址掩码请求、地址掩码回复
方向:传出;
10,阻止alg.exe、explorer.exe、csrss.exe、ntoskrnl.exe通信,禁止此通信;主机:所有主机,端口和协议:所有IP;两者;此条规则如在SEP12有影响,请在规则编辑应用程序界面去除(alg.exe、csrss.exe)勾选;
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ntoskrnl.exe
11,Block ARP (0x806),禁止此通信;主机:所有主机,端口和协议:Ethernet(以太网),选:ARP (0x806);
12,Block 帧中继 ARP (0x808),禁止此通信;主机:所有主机,端口和协议:Ethernet(以太网),选:帧中继 ARP (0x808);
13,Block 原始帧中继 (0x6559),禁止此通信;主机:所有主机,端口和协议:Ethernet(以太网),选:原始帧中继 (0x6559);
14,Block 反向 ARP (0x8035),禁止此通信;主机:所有主机,端口和协议:Ethernet(以太网),选:反向 ARP (0x8035);
15,Block AppleTalk ARP (0x80F3),禁止此通信;主机:所有主机,端口和协议:Ethernet(以太网),选:AppleTalk ARP (0x80F3);
以上规则移至(允许 EAPOL 无线通信)之上
SEP防火墙规则压缩包:
申明:以上规则包为本人爱折腾所创,抵挡不住卡饭伟大“互助分享,大气谦和”之精神,上传共享,仅限于个人用户使用;使用本规则所造成的风险本人一律不承担任何责任;导入本规则后,你可以停用或删除认为不需要的规则;每个用户使用的系统、网络环境、程序版本安装途径不同,如有影响使用,谨请根据最新防火墙通信日志修改;规则导入后请至自定义程序规则应用程序编辑界面浏览至你所使用规则的程序;不对之处烦请指正。 |
[复制链接]
发表于 2013-3-22 12:05:21
楼主
